如何在更新期间保留 Mac 上的 CAcerts 密钥库?
Mac OS X 的 CA 密钥库位于 /System/Library/Frameworks/JavaVM.framework/Home/lib/security/cacerts 中。这个密钥库似乎会被每次 Java 更新覆盖,这非常烦人,因为我们有用于开发环境、测试的内部 CA……
是否有一种方法可以跨 Apple JSR 保留密钥库更改,现在,使用 Snow Leo JSR3,也可以跨更新单独的 Java 开发人员包(其 JDK 使用相同的密钥库)?
Mac OS X has the CA keystore in /System/Library/Frameworks/JavaVM.framework/Home/lib/security/cacerts. This keystore seems to be overwritten by every Java update, which is very annoying since we have internal CAs for development environments, testing…
Is there a way to preserve keystore changes across Apple JSRs, and now, with Snow Leo JSR3, also across updates for the separate Java developer packages (whose JDKs use the same keystore)?
如果你对这篇内容有疑问,欢迎到本站社区发帖提问 参与讨论,获取更多帮助,或者扫码二维码加入 Web 技术交流群。
绑定邮箱获取回复消息
由于您还没有绑定你的真实邮箱,如果其他用户或者作者回复了您的评论,将不能在第一时间通知您!
发布评论
评论(3)
[这是过时的信息 - 请参阅下面 10.6+ 的答案]
/System/Library/Frameworks/JavaVM.framework/Home/是到Versions/CurrentJDK/Home的符号链接JavaVM.framework 内。显然,这将随着新版本而改变。使用完整路径(例如/System/Library/Frameworks/JavaVM.framework/Versions/1.6.0/Home),并且它不会随着更新而改变。[ This is outdated info - see the answer below for 10.6+ ]
/System/Library/Frameworks/JavaVM.framework/Home/is a symlink toVersions/CurrentJDK/Homewithin JavaVM.framework. Obviously this will change with a new Version. Use the full path (e.g./System/Library/Frameworks/JavaVM.framework/Versions/1.6.0/Home) and it won't change across updates.以下参数可用于指定 java cacerts 文件的位置:
在 java 主目录(带有内部 CA)中制作 cacerts 的副本,并将其放在主目录中的某个位置。然后将 cacerts 文件位置的完整路径作为上面 javax.net.ssl.trustStore 属性的值。该副本不会被 Java 更新覆盖。默认密码是“changeit”。
这种方法的两个缺点是:
The following parameters can be used to specify the location of the cacerts file to java:
Make a copy of the cacerts in the java home directory (with internal CAs) and put it somewhere in your home directory. Then put the full path to the cacerts file location as the value of javax.net.ssl.trustStore property above. That copy will not get overwritten by Java updates. The default password is 'changeit'.
Two downsides to this approach are:
Mac OS X 10.6.8 Snow Leopard 中的情况似乎有所改变。现在
/System/Library/Frameworks/JavaVM.framework/Home/lib/security/cacerts是/System/Library/Java/Support/CoreDeploy.bundle/Contents/Home/ 的符号链接lib/security/cacerts,如果幸运的话,它不会在更新时改变。It seems things have changed in Mac OS X 10.6.8 Snow Leopard. Now
/System/Library/Frameworks/JavaVM.framework/Home/lib/security/cacertsis a symlink to/System/Library/Java/Support/CoreDeploy.bundle/Contents/Home/lib/security/cacerts, which won't change on updates, if we're lucky.